The Most Comprehensive Data Protection Solution

Discover, classify, and protect your data from all threats with the only Gartner Magic Quadrant DLP and Forrester Wave EDR Leader.

First and Only Solution to Converge:

  • Data Loss Prevention
  • Endpoint Detection and Response
  • User and Entity Behavior Analytics
DATAINSIDER

Digital Guardian's Blog

Friday Five: 4/29 Edition



It’s Friday! Catch up on the top infosec headlines with our weekly news roundup.

1. Mexico’s Entire Voter Database Was Leaked to the Internet by Andrew Liptak

Threat researcher Chris Vickery, who previously uncovered data breaches for Hello Kitty users, medical data, and some of the biggest data breaches of 2015, discovered a database with the personal information of more than 87 million Mexican voters. Mexican authorities were notified and after confirming the list’s validity, had it removed from Amazon Web Servers. Alarmingly, there was no password protection to the database, which included names, birthdays, addresses and voting numbers. Though the source of the leak is unknown, a possible culprit could be someone who works at one of Mexico’s major political parties. Read the full article on Gizmodo.

2. BeautifulPeople.com Leaks Very Private Data of 1.1 Million ‘Elite’ Daters – And It’s All For Sale by Thomas Fox-Brewster

Another large data leak this week comes from BeautifulPeople.com, an exclusive dating site where people must be deemed attractive enough before they can sign up. Though initially breached in December 2015 on one of their test servers, the site quickly shut down the server and locked up the data, but not in time. The leaked data, which includes over 100 individual data attributes per person such as private messages, sexual preferences, incomes, addresses, and more, is being traded on the dark web and can be used by cyber criminals for targeted phishing attacks, identity theft, and other malicious activities. Read the full article for more information on this data breach.

3. Phishing Remains a Weapon of Choice, Says Verizon by Larry Dignan

Verizon’s 2016 Data Breach Investigations Report (DBIR), which analyzed 100,000 incidents, shows that nearly 90% of data breaches tracked by Verizon were conducted via phishing. Surprisingly, 30% of phishing messages were opened by the targeted user and 12% actually clicked on the malicious content, which can often lead to stolen credentials. Verizon also found that the first victim in a phishing campaign opens up the email in less than 2 minutes, which speaks to the rapidity of how malicious content proliferates. For more on Verizon’s 2016 DBIR, read the full article.

4. Hundreds of Spotify Credentials Appear Online – Users Report Accounts Hacked, Emails Changed by Saran Perez

Though the breach has yet to be confirmed, a list of hundreds of credentials unique to Spotify have appeared on Pastebin: email, password, account type, and subscription auto-renew dates. Affected users are from various countries around the world. Because Spotify has had previous security incidents, it's possible that this data is from an old leak. Some users were even kicked out of their accounts mid-streaming music as their emails and passwords were changed. Though users can work with customer service to get their accounts back, the real risk posed is for users who use the same password for other accounts. Read the full article on TechCrunch.

5. 7 Million Accounts Compromised via Lifeboat Hack, a Minecraft Pocket Edition Community by Ms. Smith

Lifeboat, a Minecraft Pocket Edition for mobile, is now ranked as one of the top 10 breaches on Have I Been Pwned with over 7 million compromised accounts. Initially leaked in January, the passwords were stored with skimpy cryptography measures with a MD5 hash and no salt. Even more disappointing, Lifeboat failed to notify users, who were in the dark for 3 months. Threat researcher Troy Hunt worked with German gamer Hennihenner, who has had to change his compromised password for other sites such as YouTube, Reddit, and Twitter, to confirm the legitimacy of the breach. Read the full article on NetworkWorld.

Ellen Zhang

ANALYST REPORTS

Gartner 2017 Magic Quadrant for Enterprise Data Loss Prevention (DLP)

Ellen Zhang

Ellen is the Acquisition Marketing Manager at Digital Guardian, with nearly half a decade of experience in the cybersecurity industry. As the company's SEO and PPC manager, Ellen has spent numerous hours researching information security topics and headlines.